I will say it again slowly. Use print_r($_SERVER) in your script, and see if that displays anything that might give you some idea of how these people are making their variables by manipulating the page url!